Adam Majer
44d1db1d6e
- update to 3.0.14 (still FATE#322416) Feature improvements * Enforce TLS client certificate expiration on session resumption, and Session-Timeout. See CVE-2017-9148 (bnc#1041445) * Updated dictionary.cisco.vpn3000, dictionary.patton * Added dictionary.dellemc * Lowered the log output for failed PEAP sessions. * ALlow utc in rlm_date. * The internal OpenSSL session cache has been disabled. Please see mods-available/eap * Update detail reader documentation. * Make outgoing RadSec connections non-blocking. * Add SQL backing to Moonshot-*-TargetedId generation. Bug Fixes * radtest uses Cleartext-Password for EAP, not User-Password. * Update documentation for mods-enabled/ linking. * Enhanced checks for moonshot salt. * Allow session resumption for RadSec connections. * Update "huntgroups" file to note that port ranges are not supported * Fix OpenSSL permissions issues on default key files. * Certificates are not required when PSK is used. * Allow SubjectAltName as first extension in cert. * Fixed talloc issue with TLS session resumption. * "&Attr-26 := 0x01" now produces useful error messages. * Handle connection error in rlm_ldap_cacheable_groupobj. * Fix endian issues in DHCP. * Multiple minor fixes for Coverity complaints. * Handle unexpected regex. * Fix minor issues in dictionaries. * Fix typos and grammar. Patches from Alan Buxey. * Fix erroneous VP creation in rlm_preproces. * Fix MIB. Patch from Jeff Gehlbach. * Trust router updates from Alejandro Perez. * Allow build with LibreSSL. * Use correct packet for channel bindings. * Many fixes found by PVS-Studio. Thanks to PVS-Studio for giving us a test license. Please see the git commit history for more info. * Fix incorrect length check in EAP-PWD. This may be exploitable. * Stop rotating session database files (radutmp, radwtmp) since these are not logfiles. - freeradius-server-radiusd-logrotate.patch: updated OBS-URL: https://build.opensuse.org/request/show/499628 OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=98
40 lines
959 B
Diff
40 lines
959 B
Diff
Index: freeradius-server-3.0.14/suse/radiusd-logrotate
|
|
===================================================================
|
|
--- freeradius-server-3.0.14.orig/suse/radiusd-logrotate
|
|
+++ freeradius-server-3.0.14/suse/radiusd-logrotate
|
|
@@ -16,13 +16,18 @@ notifempty
|
|
# The main server log
|
|
#
|
|
/var/log/radius/radius.log {
|
|
+ su radiusd radiusd
|
|
copytruncate
|
|
+ postrotate
|
|
+ kill -HUP `cat /run/radiusd/radiusd.pid` || :
|
|
+ endscript
|
|
}
|
|
|
|
#
|
|
# Session monitoring utilities
|
|
#
|
|
/var/log/radius/checkrad.log /var/log/radius/radwatch.log {
|
|
+ su radiusd radiusd
|
|
nocreate
|
|
size=+1024k
|
|
}
|
|
@@ -31,6 +36,7 @@ notifempty
|
|
# SQL log files
|
|
#
|
|
/var/log/radius/sqllog.sql {
|
|
+ su radiusd radiusd
|
|
nocreate
|
|
size=+2048k
|
|
}
|
|
@@ -43,6 +49,7 @@ notifempty
|
|
# second technique, you will need another cron job that removes old
|
|
# detail files. You do not need to comment out the below for method #2.
|
|
/var/log/radius/radacct/*/detail {
|
|
+ su radiusd radiusd
|
|
nocreate
|
|
}
|
|
|